Cisco CSO shows how to foster security savvy

Security is too important to leave solely to the IT department, say Cisco System officials.

That’s why the company hired a number of communications specialists to get out the message to its 60,000 employees to avoid risky behavior online either in the office or when using company-owned network devices. It’s a strategy Cisco advised organizations to consider in a Webinar this week.

“Security guys have got to stop talking in technology terms,” said John Stewart, the company’s chief security officer, because employees just tune them out.

Instead, security messages have to be crafted around simplicity, a few inexpensive giveaways and rewards for good behavior.

After realizing the efforts of Stewart’s team of Cisco staffers weren’t reaping the changes in behavior the company wanted, it recruited media relations specialist Mia Bradway Winter to be its senior manager of corporate security with a mandate to get people to take security more seriously.

Among other things Winter and Stewart suggest is establishing local “security champions” in branches to oversee overall messages and strategies set at corporate headquarters. However, regions also have the power to ensure messages, images and colours in printed or online materials reflect local sensibilities.

In the U.S., Cisco found, posters warning of security practices don’t work, but they are effective in Europe.

Stewart credits Winter for allowing security leaders to talk about staffers’ mistakes rather than hiding them as a way of putting a personal face on security without identifying the offender. Too many people read news reports of security breaches at other companies and think, ‘It can’t happen here,’” he said.

While Cisco’s security strategy was spread over several years, it sometimes took only a little bit of money to get employees’ attention. For example, the company found US$2,000 for laptop security screens for senior executives to “seed the audience.” Other staffers found the devices were “cool” and began buying them themselves, becoming what Stewart called a “badge of honour.” Now Cisco makes the screens mandatory on all new PCs it buys.

Sometimes rewards help – such as giving a certificate for attending a security training course, or urging staffers to nominate colleagues who show exemplary security activity, who are then publicly thanked by managers.

Ultimately, Stewart suggested, organizations want staffers to caution each other about improper behavior on the theory that you’re more likely to listen to a colleague than a manager.

Organizations aiming to set up a security strategy should get buy-in from upper management, said Winter, and appoint the right person to lead the charge. Extensive research is necessary not only to define the different audiences in each organization, but also to find the right vehicles for communicating messages.

What’s important in crafting any strategy, Stewart suggested, is simplicity: Spell out three or so rules for working online – what management forbids staffers from doing, what it really appreciates them not doing, and things it merely recommends them not doing.

“If you get security as a topic at the water cooler,” said Stewart, “that means security’s important on people’s minds.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now